We live in a world where everyone wants access to as much information as possible. We want the highest levels of communication and collaboration with each other, and we pitch a royal fit when access is denied.

Nowhere is this more evident than in the technology realm, and on a granular level, in the file sharing space. Applications like SharePoint, Lync and Exchange have made group communications and collaboration simple and convenient, but they also inherently open up corporate networks to security risks. Compounding those risks is the fact that these applications offer “everyone” access to folders and files by default, creating headaches for administrators who want to maintain some level of control over file permissions.

The norm for Microsoft (News - Alert) Windows until recently was to assign group access permission to new folders by default. And with SharePoint, end users often set permissions on their own and it’s very easy to give access to everyone in the domain to a specific directory. These default settings assume that administrators or end users will be savvy and aware enough to change permissions to create a modicum of control, an assumption that can be dangerous and costly in the long run.

Since it is unlikely that software developers will address this issue within their apps, it is up to IT admins to figure out how to handle it. Varonis, a provider of unstructured and semi-structured data governance software, suggests some strategies to combat the problem in their white paper “Fixing the Everyone Problem.” The company suggests that one solution is to simply remove the “Everyone” group from folders and wait for the fallout to begin as angry users get access denied errors. Administrators have the option of turning on Windows Server Auditing, SharePoint auditing and UNIX/Linux auditing and rifling through lengthy logs to find out who is accessing which data and creating new groups in an attempt to limit and control access. This process is extremely time consuming and impractical considering the amount of data being aggregated these days.          

Of course, a third option is not to address the problem at all and just proceed as usual. This is not a very practical approach when it comes to sensitive company information and financial data, however. An automated solution that can examine all the folders and files being accessed and figure out which users and groups need access to which data is an optimal way to deal with the Everyone problem.

Varonis offers a software-based data governance solution that uses metadata to list everything on the network that is currently open to global access groups or “Everyone.” It then prioritizes folders based on parameters like activity exposure and the amount of sensitive data. The offering lets administrators see which users are accessing which folders and files and enables them to change permissions on all platforms via a single interface. Permissions may be changed based on the folders that are at greatest risk of security breaches, and administrators are alerted immediately when new folders are created.

The DatAdvantage Suite from Varonis is available for Windows, SharePoint, Exchange, UNIX/Linux, and Directory Services. The company also announced an API for its DatAnywhere private cloud file-sharing solution last week. The offering migrates traditional file-sharing infrastructure to a secure private for access of on-premises files through mobile devices and file synchronization.